Multiple vulnerabilities have been discovered in the Xen hypervisor, whichcould result in privilege escalation.

For Debian 7 "Wheezy", these problems have been fixed in version4.1.6.lts1-12.

We recommend that you upgrade your xen packages.

Please note that CVE-2017-15590 (XSA-237) will *not* be fixed in wheezy asthe patches are too intrusive to backport.The vulnerability can be mitigated by not passing through physical devicesto untrusted guests.More information can be found on https://xenbits.xen.org/xsa/advisory-237.html

Further information about Debian LTS security advisories, how to applythese updates to your system and frequently asked questions can befound at: https://wiki.debian.org/LTS